Tag Archive for Mac OS

| July 21, 2015
Comments Off on Apple favors IPv6 as IPv4 Dries Up

Apple favors IPv6 as IPv4 Dries Up

Apple favors IPv6 as IPv4 Dries UpThe American Registry for Internet Numbers (ARIN) has reported that the IPv4 well is just about dry in North America. On 01 July 2015, ARIN had to refuse a request for a block of IPv4 addresses. The ARIN statement says that there are still a few IPv4 numbers available in smaller block sizes. But for all intents and purposes, there are no more unassigned public IPv4 addresses. As of July 18, 2015, the ARIN IPv4 Deletion page reports only 335 /24 IPv4 address ranges are available. It is time to start looking at IPv6.

Will have an impact on the large enterprisesThe good news, according to FierceEnterpriseCommunications, is the IPv4 drought isn’t yet affecting most of the internal networks of enterprises. But it’s just a matter of time before it starts to have a greater impact on the largest of enterprises. Microsoft (MSFT), for instance, found it was out of IPv4 addresses a few weeks ago. And for the first time in ARIN’s history, they denied a company that requested a large block of IPv4 addresses. Tom Coffeen, chief IPv6 evangelist at Infoblox, in a statement to FierceEnterpriseCommunications explained:

Though the IPv4 well has run dry and threatens service providers, the sky hasn’t yet landed on enterprise networks … Most enterprises still rely on private IPv4 for their internal networks. The small number of public, routable IPv4 addresses required to connect enterprise networks to the Internet is typically provided by the ISP, making IPv4 much more critical for Internet services providers.

IPv6One company that is reacting to IPv4 scarcity is Apple (AAPL). Apple’s latest operating systems – iOS 9 for iPhones and iPads and OS X El Capitan for Macs are designed to take advantage of IPv6. The new operating systems select the fastest connection with the lowest latency, whether IPv4 or IPv6, using the Happy Eyeballs algorithm, explained David Schinazi, the CoreOS networking engineer at Apple. Devices use the Happy Eyeballs algorithm to decide which protocol to use, as many applications use a “dual-stack” approach to networking, making available both IPv4 and IPv6 connections.

FierceMobileIT says this worked out to be a 50/50 split between IPv4 and iPv6 in iOS 8 and OS X Yosemite, but for the new OSes, IPv6 will be chosen by the algorithm around 99 percent of the time, according to Apple beta testing. Apple’s Schinazi wrote in a post on the Internet Engineering Task Force mailing list that Apple considers IPv6 mainstream.

IPv6 is now mainstream instead of being an exception, there are less broken IPv6 tunnels, IPv4 carrier-grade NATs [network address translations] are increasing in numbers, and throughput may even be better on average over IPv6

The author reports that testing performed by Apple shows that the new OSes should use IPv6 addresses around 99 percent of the time. Apple operating systems have supported IPv6 by default for Mac users as part of the OS X 10.2 Jaguar release in May 2002.

Mr, Schinazi cautioned that both OSes are in beta so things might change for the final versions. “If this behavior proves successful during the beta period, you should expect more IPv6 traffic from Apple products in the future,” he added.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
| December 27, 2012
Comments Off on F-Secure Top Security Predictions for 2013

F-Secure Top Security Predictions for 2013

F-Secure Top Security Predictions for 2013As the new year looms, all kinds of firms start making predictions, mostly to boost their sales next year, I will be looking at a number of firm’s predictions for next year, a let’s see how smart they are this time next year. Here are the top security predictions for 2013 from Finland-based F-Secure Labs shared with Help Net Security.

ITU WCIT in Dubai could mean the end of the Internet1. The end of the Internet as we know it? – Secure Labs predicts that the ITU WCIT in Dubai could mean the end of the Internet (which I covered here and here). Sean Sullivan, Security Advisor at F-Secure Labs says that the World Conference on International Telecommunications could have a major impact on the Internet as we know it. “The Internet could break up into a series of smaller Internets,” Sullivan says. “Or it may start to be funded differently, with big content providers like Facebook and Google/YouTube having to pay taxes for the content they deliver.

rb- WCIT has concluded with the U.S. and most of Europe refusing to sign the treaty due to language backed by Russia and China that could have large-ranging impacts on Internet freedom.

2. Leaks will reveal more government-sponsored espionage tools – “It’s clear from past leaks about Stuxnet, Flame, and Gauss that the cyber arms race is well underway,” says Mikko Hypponen, Chief Research Officer at F-Secure Labs. While we may not always be aware of nation-states’ covert cyber operations, we can expect that governments are more and more involved in such activity.

mobile malware will increase3. Commoditization of mobile malware will increase – The Google (GOOG) Android operating system has solidified in a way that previous mobile operating systems haven’t, extending from phones to tablets to TVs to specialized versions of tablets. The more ubiquitous it becomes, “the easier to build malware on top of it and the more opportunities for criminals to innovate business-wise,” Sullivan says. Mobile malware will become more commoditized, with cyber-criminals building toolkits that can be purchased and used by other criminals without real hacking skills. In other words, malware as a service, for Android.

4. Another malware outbreak will hit the Mac world – First it was Mac Defender and then Flashback that attacked Apple.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| August 28, 2012
One comment

A History of Mac Malware: Part 1

A History of Mac Malware: Part 1Graham Cluley at Sophos recently wrote an excellent history of Apple Macintosh malware. He points out that Mac malware is a subject that raises strong emotions. There are some who believe that the problem is over-hyped and others who believe that the malware problem on Macs is underestimated by the Apple-loving community. The author writes that hopefully, this short history will go some way to present the facts and encourage sensible debate. (rb- We have just taken on a new customer which is 85% Mac and 15% PC. I have had this very conversation with my Apple certified tech who does the field support.)

Click here for part two of this series. Click here to read my recent series commemorating the 25th anniversary of the computer virus.

Apple II1982 – Apple II – The first virus to affect Apple computers wasn’t written for the Macintosh (the original Mac did appear until 1984). 15-year-old student Rich Skrenta wrote the Elk Cloner virus, capable of infecting the boot sector of Apple II computers. On every 50th boot the Elk Cloner virus would display a short poem:

It will get on all your disks
It will infiltrate your chips
Yes, it’s Cloner!

It will stick to you like glue
It will modify RAM too
Send in the Cloner!

The blog says many Apple fans are surprised that the Elk Cloner boot sector virus predates IBM (IBM) PC viruses by some years. (I got my first paying tech job using an Apple II and PFS:File to build a database).

1987 – Macintosh – The nVIR virus began to infect Apple Macintosh computers, spreading its malware mainly by floppy disk. It was a similar story to what was happening in the world of MS-DOS malware, where viruses would typically travel from computer to computer by users sharing floppy disks.

Source code for nVIR was later made available, causing a rash of variants for the Mac platform. The author writes that the first anti-virus products for Mac, some free, some commercial, began to emerge in response th this malware. (In my first tech support Job, I got very familiar with the Mac 30/SE, since there was a computer lab full of them with a SCSI chain from the Mac to an external hard drive to a scanner. They also printed to a LaserWriter 2 with AppleTalk and Phonenet. I still have a bag of terminators.)

Mac 30/SE1988 – HyperCard – Running on early versions of Apple’s Mac OS, one HyperCard virus displayed a message about Michael Dukakis’s US presidential bid before self-destructing:

Greetings from the HyperAvenger! I am the first HyperCard virus ever. I was created by a mischievous 14-year-old, and am completely harmless. Dukakis for preseident (sic) in ’88. Peace on earth and have a nice day

1990 – The MDEF virus (aka Garfield) emerged, spreading malware on application and system files on the Mac.

1991 – HC (also known as Two Tunes or Three Tunes) was a HyperCard virus discovered in Holland and Belgium in March 1991. The writes that on German language versions of the operating system it would play German folk tunes and display messages such as “Hey, what are you doing?” and “Don’t panic.”

Microsoft Office1995 – Concept Macro Virus – Microsoft (MSFT) accidentally shipped the first-ever Word macro virus, Concept, on CD-ROM. It infected both Macs and PCs running Microsoft Word. Concept was not written with malicious intent but thousands of macro viruses were to follow, many also affecting Microsoft Office for Mac. Word macro viruses turned the world of Mac *and* Windows malware on its head overnight according to Sophos.

Macro viruses are written in an easy-to-understand macro language that Microsoft included in its Office programs making it. The blog says the macro language made it child’s play to create new malware variants. Most people at the time considered documents to be non-dangerous and were happy to receive them without thinking about the security risks. Just opening a Word .DOC file could infect your computer because the macro virus’s code was embedded within.

1996 – Laroux  Excel macro virus – The Laroux virus did not affect Mac users until Microsoft released Excel 98 for Mac and then Apple users could also become victims.

QuickTime logo1998 – Hong Kong introduced the next significant Mac malware outbreak the blog says.  It was first spotted in the wild in Hong Kong. The worm – dubbed AutoStart 9805 – spread rapidly in the desktop publishing community via removable media, using the CD-ROM AutoPlay feature of QuickTime 2.5+. (rb- An AutoPlay issue – whoda thunkit?). In the same year, Sevendust, also known as 666, infected applications on Apple Mac computers.

After 1988 Mr. Cluely writes that big changes to the Mac malware scene were just around the corner. The release of Mac OS X, a whole new operating system which would mean that much of the old malware would no longer be capable of running. Mac-specific malware would have to be written with a new OS in mind.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
| July 3, 2012
Comments Off on BYOD Notes

BYOD Notes

90% of Employees Use Personal Devices for Work

90% of Employees Use Personal Devices for WorkA survey by DELL Kace (DELL) found IT managers feel they lack the necessary tools to properly manage BTOD personal devices. In the study, IT managers revealed they are unable to effectively protect corporate data and intellectual property as well as ensure compliance. Help Net Security says key survey findings include:

  • 87% of companies have employees that use a personal device for work including laptops, smartphones and tablet computers.
  • 82% citing their concerns about the use of personal devices for business use
  • 64% revealed they are not confident that they know of all personal devices being used for business purposes
  • 62% specifically concerned about network security breaches
  • 60% reported a greater demand for support of Mac OS X since the introduction of the Apple (AAPL) iPad and iPhone
  • 59% reported their personal devices have created the need to support multiple operating systems (OS’s).
  • 32% revealed employees use unauthorized personal devices and applications to connect to their network

On the governance side:

  • 88% said they believe it is important to have a policy in place to support personal devices, and another 62 percent revealed their organization lacks the necessary tools to manage personal devices.

It’s absolutely essential that IT teams deploy a strategy that provides end-to-end management capabilities on a variety of operating systems to effectively protect networks and address the consumerization and personalization of IT,” said Rob Meinhardt, general manager and co-founder for Dell KACE.

Related articles

Security Monitoring for BYOD Environments

Security Monitoring for BYOD EnvironmentsUnlike other BYOD security solutions that force organizations to install software on every new device, Lancope’s StealthWatch System provides security for any device entering the network, without having to install more software on the device or deploy expensive probes. Help Net Security reports that StealthWatch performs behavioral analysis on flow data from existing infrastructure to deliver end-to-end visibility and security across an organization’s entire network.

Net flow data already exists in network infrastructure devices to monitor network and host activity. Since net flow is already in most network equipment, it provides a cost-effective tool for monitoring mobile devices. The article says flow-based monitoring can uncover external attacks like botnets, worms, viruses or APTs, as well as internal risks such as network misuse, policy violations and data leakage. It can also be leveraged for other efforts including regulatory compliance and capacity planning, and for ensuring high levels of network and mobile device performance.

Related articles

IT is Embracing BYOD

IT is Embracing BYODIT is Embracing BYODCisco says that IT is accepting, and in some cases embracing, “bring your own device” (BYOD). Help Net Security reports that the networking giant found that some of the pros and cons associated with allowing employees to use their own mobile devices on their employers’ networks has become a reality in the enterprise.

The Cisco (CSCO) study BYOD and Virtualization (PDF) found most enterprises are now enabling BYOD.

  • 95% of responding firms permit employee-owned devices in some way in the workplace.
  • The average number of connected devices per knowledge worker will grow from 2.8 in 2012 to 3.3 by 2014.
  • 76% of IT leaders surveyed categorized BYOD as a positive for their companies and challenging for IT.

The survey says employees are turning to BYOD because they want more control of their work experience:

  • 40% of respondents cited “device choice” as employees’ top BYOD priority (the ability to use their favorite device anywhere).
  • Employees’ second BYOD priority is the wish to do personal activities at work, and work activities during personal time.
  • Staff wants to bring their own applications to work: 69% of respondents said that unapproved applications, especially social networks, cloud-based email, and instant messaging, are more prevalent today than two years ago.
  • Employees are willing to invest to improve their work experience. Cisco employees pay an average of $600 out-of-pocket for devices that will give them more control over their work experience the report says.

The article says these findings underscore that BYOD is here to stay, and managers are now acknowledging the need for a more holistic approach, one that is scalable and addresses mobility, security, virtualization, and network policy management, to keep management costs in line while simultaneously providing optimal experiences where savings can be realized.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Tablet computing | Tags: , , , , , , , , , ,
| November 22, 2011
7 comments

Apple OS X Security Update

Apple OS X Security UpdateThe magical virus-proof Apple operating systems have had a rough couple of weeks. Apple (AAPL) released security updates for OS X Lion and Snow Leopard, iOS, Numbers for iOS, and Pages for iOS. UK-based security company Sophos says that the OS X patch addressed 75 known vulnerabilities. Most of the vulnerabilities could lead to arbitrary code execution, while others lead to denial of service or privilege escalation. The bug fix weighs in at a whopping 880MB with recovery download.

Apple OS X LionNext Apple released a gargantuan update to iTunes for Windows that fixes 79 vulnerabilities. Sophos reports that the patch fixes 73 holes that could cause remote code execution in WebKit, used to render HTML content. Other fixes resolve remote code execution bugs.

Despite the huge patches, cyber-criminals have figured out how to disable the rudimentary anti-virus protection XProtect Apple has built into Mac OS X by enhancing an existing trojan horse Flashback. The Flashback trojan leaves the Mac vulnerable by preventing XProtect from receiving security definition updates. Sophos makes the point that Mac malware writers are eager to infect Apple computers because of the potential financial rewards.

Sophos logoThe Mac malware authors are not resting on their laurels. Within days, of spotting Flashback in the wild, Sophos reported that Tsunami, a new backdoor trojan horse for Mac OS X, had been discovered. Sophos indicates that the new Mac malware may be a port of Kaiten, a Linux backdoor Trojan horse that uses an IRC channel for instructions.

Code like this is used to commandeer compromised computers into a DDoS (distributed denial-of-service) attack, flooding a website with traffic. ESET notes that as well as enabling DDoS attacks, the backdoor can enable a remote user to download files, such as more malware or updates to the Tsunami code.  The malware can also execute shell commands, giving it the ability to essentially take control of the affected Mac.

Tsunami, a new backdoor trojan horse for Mac OS XOnly a few more days passed before the DevilRobber (Miner-D) Mac OS X Trojan horse was discovered. DevilRobber was embedded in hacked versions of Mac OS X image editing app GraphicConverter version 7.4 distributed via file-sharing torrent sites such as PirateBay. Miner-D tries to generate Bitcoins, the currency of the anonymous digital cash system, by stealing lots of GPU (Graphics Processing Unit) time. GPUs are better than regular CPUs at performing the mathematical calculations required for Bitcoin mining.

Sophos reports that in addition to Bitcoin mining, Miner-D also spies on its victim by taking screen captures and stealing usernames and passwords. In addition, it runs a script that copies information to a file called dump.txt regarding truecrypt data, Vidalia (TOR plugin for Firefox), Safari browsing history, and .bash_history. To complete the assault – if the malware finds the user’s Bitcoin wallet it will also steal that.

DevilRobbe Mac OS X Trojan horse was discovered.DevilRobber was recently been updated according to F-Secure researchers. F-Secure researchers point out that the newly discovered Trojan is the third iteration of the malware and that it poses as the popular image-editing app PixelMator.

Help Net Security says this version of DevilRobber has new features that the original version is lacking. It tries to harvest the shell command history, the system log file, and the contents of 1Password, the popular software for managing passwords. Unfortunately, its Bitcoin mining and stealing capabilities are still there, as well.

rb-

safe computing.So despite Apple’s continued instance that their machines do not need anti-malware software, standard malware prevention techniques apply to Macs. Clearly, Mac users like their Windows cousins should practice safe computing. Some of the safer computing practices for Mac and Windows users include

  1. Never open an email attachment unless you are POSITIVE about the source.
  2. Do NOT click on any pop-up that advertises anti-virus or anti-spyware software especially a program promising to provide every feature known to humanity.
  3. Use an AntiVirus program. A free one is better than none. There are several free versions that work well, like Microsoft Security Essentials which is also free has had good reviews.
  4. Keep your OS and AV updated. Make sure that you install those important updates. An out-of-date antivirus program does not help in detecting new infections.
  5. Use a personal firewall. Use a firewall between your DSL router or cable modem and the computer will protect you from inbound attacks. A software firewall on the computer can protect you from both inbound and outbound attacks.
  6. Do NOT download freeware or shareware unless you have must. These often come bundled with spyware, adware, or fake anti-virus programs. Be especially wary of screensavers, games, browser add-ons, peer-to-peer (P2P) clients, and any downloads claiming to be “cracked” or free versions of expensive applications.
  7. Avoid questionable websites. Some sites may automatically download malicious software onto your computer.
  8. Browse responsibly. Sometimes you might not even have to download and install something but just open a website in your browser for a rogue program to infect your computer. So be careful where you go when you are browsing.
  9. Pay attention to your incoming e-mails. Some of them can contain viruses or content pointing to malicious sites. Don’t click on links provided by false institutes that invite you to change passwords or similar.
  10. “Phishing” describes scams that attempt to acquire confidential information such as credit card numbers and passwords by sending out e-mails that look like they come from real companies or trusted people. If you happen to receive an e-mail message announcing that your account will be closed, that you need to confirm an order, or that you need to verify your billing information, do not reply to the e-mail or click on any links. If you want to find out whether the e-mail is legitimate, you can go to their website by directly typing their address into your browser or by calling them.

Related articles

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,